Platform
python
Component
langflow
Fixed in
1.8.1
1.8.1
CVE-2026-27966 is a critical Remote Code Execution (RCE) vulnerability discovered in Langflow, specifically within the CSV Agent node. This flaw allows attackers to execute arbitrary Python and OS commands on the server through prompt injection. The vulnerability impacts versions of Langflow up to and including 1.8.0rc2, and a fix is available in version 1.8.0.
The core of the vulnerability lies in the CSV Agent node's hardcoded configuration of allowdangerouscode=True. This setting inadvertently exposes LangChain’s Python REPL tool (pythonreplast), a powerful feature intended for controlled code execution within the Langflow environment. An attacker can exploit this by crafting malicious prompts that inject code into the REPL, effectively gaining command execution capabilities on the server. This grants them the ability to read, modify, or delete sensitive data, install malware, or even pivot to other systems within the network. The blast radius extends to any data processed by the CSV Agent, and the potential for complete system compromise is significant.
CVE-2026-27966 was publicly disclosed on 2026-02-27. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the potential for significant impact make it a high-priority vulnerability. The vulnerability is not currently listed on CISA KEV, but its CRITICAL CVSS score warrants close monitoring. Public proof-of-concept exploits are likely to emerge given the vulnerability's nature.
Exploit Status
EPSS
0.15% (36% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-27966 is to immediately upgrade Langflow to version 1.8.0 or later. This version addresses the hardcoded allowdangerouscode=True setting, effectively disabling the vulnerable REPL tool. If upgrading is not immediately feasible, consider implementing a Web Application Firewall (WAF) rule to block suspicious prompts containing potentially malicious code. Additionally, restrict access to the CSV Agent node to trusted users only. After upgrading, verify the fix by attempting to execute arbitrary code through the CSV Agent node; the execution should be blocked.
Update Langflow to version 1.8.0 or higher. This version fixes the remote code execution vulnerability by disabling dangerous code execution in the CSV Agent node. The update prevents the execution of arbitrary commands on the server.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-27966 is a CRITICAL Remote Code Execution vulnerability in Langflow's CSV Agent node, allowing attackers to execute arbitrary code via prompt injection due to a hardcoded configuration.
You are affected if you are using Langflow versions 1.8.0rc2 or earlier. Upgrade to 1.8.0 or later to resolve the vulnerability.
Upgrade Langflow to version 1.8.0 or later. As a temporary workaround, implement a WAF rule to block suspicious prompts.
While no active exploitation campaigns have been publicly confirmed, the ease of exploitation makes it a high-priority vulnerability and potential for exploitation is high.
Refer to the Langflow project's official release notes and security advisories for details: [https://github.com/langflow-ai/langflow/releases](https://github.com/langflow-ai/langflow/releases)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your requirements.txt file and we'll tell you instantly if you're affected.